Improved Fscrypt File Encryption Handling Aims For Linux 5.4

Written by Michael Larabel in Linux Storage on 11 August 2019 at 08:17 AM EDT.

Fscrypt is the common Linux kernel framework leveraged by the likes of the EXT4, F2FS, and UBIFS file-systems for providing native encryption support. While Fscrypt-based file encryption has been part of the kernel for several releases now, there have been some shortcomings in how the encryption keys are handled, but those should be cleared up in the upcoming Linux 5.4 cycle.

Eric Biggers of Google has been working to improve the key management for fscrypt. The solution he has been working on for a while is support for a file-system level keyring with ioctls that allow keys to be easily added and removed.

The issues being addressed by this code are: bugs arising from how fscrypt currently abuses an OS-level access control mechanism, the lack of any ability to properly remove a key, weaknesses in the key derivation function, and fscrypt not checking that the correct key was supplied, which is a current security vulnerability.

More details on this code, which is still being worked on but will hopefully be ready for Linux 5.4, can be found via this message.